<?php
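    /**
     * Handle a file upload into a user's profile folder.
     *
     * Request parameter:
     *   user_id - id of the user whose folder (files/profiles/<username>/) receives the file.
     *
     * The upload only runs when that user exists and the caller is an administrator or
     * passes exponent_permissions_check() for "administrate"/"upload" on the profilemodule
     * location. Otherwise nothing is written and nothing is output.
     *
     * Output: the uploader's result array plus 'file_path', JSON-encoded and HTML-escaped
     * for the iframe transport, or {"error": "..."} when the file is refused.
     */
    if (!defined('EXPONENT')) {
        exit('');
    }

    // intval() forces the id to an integer before it is interpolated into the WHERE clause.
    $user_id = isset($_REQUEST['user_id']) ? intval($_REQUEST['user_id']) : 0;

    $cuser = $db->selectObject("user", "id = {$user_id}");
    if (!isset($cuser->id)) {
        $cuser = null;
    }

    // NOTE(review): the permission check is not tied to $user_id, so a permitted caller can
    // write into any user's profile folder - confirm this is intended.
    if ($cuser !== null && (exponent_users_isAdmin() || exponent_permissions_check(array("administrate", "upload"), exponent_core_makeLocation("profilemodule", "_syscore", ""))))
    {
        require_once(BASE."modules/profilemodule/uploader.php");

        // NOTE(review): the allow-list is empty, which presumably makes qqFileUploader accept
        // every extension - confirm in uploader.php. The target folder sits under the web
        // path (see 'file_path' below), so the proper fix is an explicit list of the file
        // types profiles actually need, ex. array("jpeg", "xml", "bmp").
        $allowedExtensions = array();
        // max file size in bytes
        $sizeLimit = 100 * 1024 * 1024;

        $uploader = new qqFileUploader($allowedExtensions, $sizeLimit);

        // The name is supplied by the client. Reduce it to its last path component so the
        // chmod()/unlink() calls below cannot be pointed outside the user's folder.
        $name = basename(str_replace('\\', '/', (string) $uploader->getName()));

        // Stopgap until an allow-list is configured: refuse extensions a web server may
        // execute or interpret, before anything is written to disk.
        $blockedExtensions = array(
            'php', 'php3', 'php4', 'php5', 'php7', 'phtml', 'phar', 'pht',
            'cgi', 'pl', 'py', 'sh', 'asp', 'aspx', 'jsp', 'htaccess',
        );
        $extension = strtolower(pathinfo($name, PATHINFO_EXTENSION));
        if (in_array($extension, $blockedExtensions, true)) {
            die(htmlspecialchars(json_encode(array('error' => 'File type not allowed')), ENT_NOQUOTES));
        }

        // Create the upload folders on first use.
        // NOTE(review): assumes usernames contain no path separators - verify where
        // usernames are validated.
        $profilesRoot = BASE."files/profiles";
        $userFolder = $profilesRoot."/{$cuser->username}";
        if (!is_dir($profilesRoot)) {
            mkdir($profilesRoot, 0775);
        }
        if (!is_dir($userFolder)) {
            mkdir($userFolder, 0775);
        }

        $path = $userFolder."/";

        // Second argument is passed through unchanged; its meaning is defined in uploader.php.
        $result = $uploader->handleUpload($path, true);

        // Only touch the file when the upload really produced one. A failed upload or an
        // empty name would otherwise make chmod()/unlink() act on the folder or on nothing.
        $filename = $path.$name;
        if (is_file($filename)) {
            // 0644 rather than 0755: uploaded data never needs the execute bit. Read access
            // is set before the scan, presumably so the scanner can open the file - confirm.
            chmod($filename, 0644);

            // NOTE(review): a falsy return is treated as clean. Check whether
            // _ab_clamdscanvirus() also returns falsy when the scanner is unreachable; if
            // so, this check fails open.
            if (_ab_clamdscanvirus($filename)) {
                // immediately remove the file
                unlink($filename);
                // json_encode() so the client receives valid JSON (the hand-written
                // single-quoted literal was not).
                die(htmlspecialchars(json_encode(array('error' => 'Virus Infected')), ENT_NOQUOTES));
            }
        }

        $result['file_path'] = PATH_RELATIVE."files/profiles/{$cuser->username}/".$name;

        // to pass data through iframe you will need to encode all html tags
        echo htmlspecialchars(json_encode($result), ENT_NOQUOTES);

    }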

?>